Re: forms authentication across multiple web servers

From: Roel (roel_at_pandora.be)
Date: 11/25/05 

Date: Fri, 25 Nov 2005 09:34:20 +0100

Too Bad ... :(
One application would in the end be 2.0 and the other 1.1, but they would be
in other domain namespaces.

Looks like i have some coding myself to do to make this possible.
Do you have any suggestions of passing the credentials in a secure way so
that they wouldn't have to login twice ?

Thanks.

"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:4580be6314c9688c7bf35ac68f7f0@news.microsoft.com...
> Hello Roel,
>
> this only works if the servers are in a contiguous domain
> namespace...sorry. You are out of luck here.
>
> ASP.NET 2.0 supports cookieless forms authentication. Your scenario would
> work there.
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> Hi Dominick,
>>
>> Thanks for your answer.
>>
>> The domain names differ completely:
>>
>> Server 1=
>> dev.xxx.biz
>> Server 2=
>> devnet.yyy.be
>> I will check the domain attribute.
>> should I set domain= .yyy.be in the web.config of server 2 and xxx.biz
>> in
>> the web.config of server 1 ?
>> Roel
>>
>> "Dominick Baier [DevelopMentor]"
>> <dbaier@pleasepleasenospamdevelop.com> wrote in message
>> news:4580be6314c8ee8c7bf30365b41a8@news.microsoft.com...
>>
>>> Hello Roel,
>>>
>>> what are the names of the machines from a client (=IE) perspective...
>>>
>>> A RFC compliant browser does not send a cookie form
>>> serverA.domain.com to serverB.domain.com - you have to adjust the
>>> domain attribute in the <forms> configuration to ".domain.com" -
>>> this means IE sends the cookie to all servers under the "domain.com"
>>> namespace.
>>>
>>> though i am not sure if this is already there in 1.1 - otherwise
>>> issue the cookie manually and set the .Domain property
>>>
>>> ---------------------------------------
>>> Dominick Baier - DevelopMentor
>>> http://www.leastprivilege.com
>>>> Hi,
>>>>
>>>> I want to provide a single sign on for 2 web applications hosted in
>>>> different environments.
>>>> I set the machinekey to the same value in both web.config files
>>>> (also
>>>> i set
>>>> them to the same value in the machine.config files). The
>>>> <authentication
>>>> mode="Forms" > section is exactly the same in both applications:
>>>> <authentication mode="Forms" >
>>>> <forms name=".EuphAc" loginUrl="Main/loginForm.aspx"
>>>> protection="All"
>>>> timeout="60" />
>>>> </authentication>
>>>> The only time this works is if I do it on the same physical machine:
>>>> 2
>>>> web applications sharing the same machinekey in web.config section
>>>> and
>>>> <authentication mode="Forms" > section.
>>>> If I try the same moving application 2 to another server (including
>>>> the web.config file which stays the same), or to localhost, I can
>>>> login on one system but it does not login on the other system.
>>>>
>>>> (Strange thing was it sometimes seemed(!) that it worked but after 1
>>>> second it redirected me back to the login page.)
>>>>
>>>> I hope I'm somewhat clear.....
>>>>
>>>> What am I doing wrong ?
>>>>
>>>> Any help much appreciated!
>>>>
>>>> Roel
>>>>
>
>